CVE-2026-3649
CVE-2026-3649 concerns the WordPress plugin “Katalogportal PDF Sync” (Widget) ≤ 1.0.0. The issue is Missing Authorization via the AJAX handler katalogportal_shortcodePrinter, registered through wp_ajax_katalogportal_shortcodePrinter. The handler lacks capability checks (current_user_can()) and no...